Malaysian WackWall Forum

Now Malaysian Can Connect Over The World
 
HomePortalCalendarGalleryFAQSearchMemberlistUsergroupsRegisterLog in
Navigation
:: Portal ::
:: Forum ::
 :: Memberlist ::
:: Profile ::
:: FAQ ::
:: Search ::


AlertPay Easy Money Transfer 100% Free to register
 
Log in
Username:
Password:
Log in automatically: 
:: I forgot my password
Google Translator
Latest topics
» IRC Flooder Script For Sale
Mon Oct 08, 2012 12:39 am by maxi.y.mateo

» utusan.com.my Being DDOS
Fri Jan 20, 2012 5:33 pm by Penjejak Badai

» PHP IRC Bot
Fri Dec 02, 2011 11:31 am by siperda

» SQL Injection Scanner By XShimeX
Mon Oct 24, 2011 6:22 pm by sucide_bomber

» Website Vulnerable Scanner Tools V1.01 By proqrammer
Mon Oct 24, 2011 6:21 pm by sucide_bomber

» Slowloris or XerXes Leak Version
Tue Sep 13, 2011 7:45 pm by sucide_bomber

» maisarah wuz here
Tue Sep 13, 2011 7:32 pm by sucide_bomber

» Sql Injection Tutorial
Tue Jul 19, 2011 2:56 pm by sucide_bomber

» XerXes Source Codes!!
Wed Jul 13, 2011 8:55 am by wackwall

» SQL Injection dalam bahasa Malaysia
Thu Jun 30, 2011 9:11 pm by sucide_bomber

» LFI Scanner ( Perl )
Mon Jun 27, 2011 8:21 am by wackwall

» Muhasabah diri tingkat kesyukuran, keinsafan umat
Mon Jun 27, 2011 3:56 am by sucide_bomber

» 5013 Webs With SQL Vuln
Mon Jun 27, 2011 3:50 am by sucide_bomber

» Saya mencari part time job online?
Mon Jun 27, 2011 1:19 am by sucide_bomber

» 16 exploits for hacking CC databases
Mon Jun 13, 2011 1:33 pm by sucide_bomber

Link Exchange
Online News


















Churp2x Campaign
Click Pada Iklan DiBawah & Dapatkan Ganjaran Anda
SEKARANG!



















Mangga Ads
NuffNang Ads

Share | 
 

 Phyton SQLi Scanner

View previous topic View next topic Go down 
AuthorMessage
wackwall
Admin


Zodiac : Cancer Chinese zodiac : Rooster
Posts : 159
Points : 2626
Reputation : 2
Join date : 10/12/2010
Age : 35
Location Location : Sarawak

PostSubject: Phyton SQLi Scanner   Mon Feb 28, 2011 1:24 pm

Copy / Paste

Code:

Code:
#!/usr/bin/python

# Simple SQL Injection Vulnerability Scanner by Valentin Hoebel
# Version 0.3 (3rd June 2010)

# Contact me at [You must be registered and logged in to see this link.]
# ASCII FOR BREAKFAST

# Features:
# - Scan a single URL
# - Detect SQL injection vulnerabilities
# - User agent for web requests
# - User friendly (easy to use, everything is automated)
# - Error handling for http requests
# - Display a short scan report
# - Check if the provided URL is reachable

# This tool was not made for SQL injection experts, but for webmasters
# who want to scan their own websites for SQL injection vulnerabilities.
 
# I know that there are much better tools, but well, I do this for learning
# and understanding Python && SQL Injections.
# And ofc for fun!

# Attention: Tool is far away from being perfect, so don't rely a 100 percent on it.

# Known issue:
# For some reason sometimes a "500" error occurs while probing a parameter.
# The scanner then fails to detect vulnerabilities.
# Many other scripted vulnerability scanners have the same problem.
# error code 500 = internal server error
# It is the same with the error code 403.

# Greetz: JosS and Packet Storm staff (love this website!)
# THX to the darkc0de members, you really write awesome scripts!

# Tool was written for educational purposes only! Only scan websites you
# are allowed to test! Know and respect your local laws!
# I am not responsible if you or my script cause any damage or break laws.

# Power to the cows!

import sys,  re,  urllib,  urllib2,  string
from urllib2 import Request,  urlopen,  URLError,  HTTPError
from urlparse import urlparse

# Define the usage, the first thing a users sees if he/she starts the script without any parameter
def print_usage():
    print ""
    print ""
    print "________________________________________________"
    print "Simple SQL Injection Vulnerability Scanner"
    print "by Valentin Hoebel (valentin@xenuser.org)"
    print ""
    print "Version 0.3 (3rd June 2010)  ^__^"
    print "                              (oo)\________"
    print "                              (__)\        )\/\ "
    print "                                  ||----w |"
    print "Power to teh cows!                ||    ||"
    print "________________________________________________"
    print ""
    print "[!] Use parameter --help for help!"
    print ""
    print ""
    return
 
# Define the help message
def print_help():
    print ""
    print ""
    print "________________________________________________"
    print "Simple SQL Injection Vulnerability Scanner"
    print "by Valentin Hoebel (valentin@xenuser.org)"
    print ""
    print "Version 0.3 (3rd June 2010)  ^__^"
    print "                              (oo)\________"
    print "                              (__)\        )\/\ "
    print "                                  ||----w |"
    print "Power to teh cows!                ||    ||"
    print "________________________________________________"
    print ""
    print "The SQL Injection Vulnerability Scanner helps you"
    print "to find SQL injection vulnerabilities within a"
    print "website. It is not perfect so don't rely a 100% on it!"
    print ""
    print "Usage example:"
    print "sqli_scanner.py -u "http://target/index.php?var1=x&var2=y""
    print ""
    print "Options:"
    print " -u <URL>  (starts the scanner)"
    print " --help    (displays this text)"
    print ""
    print "Features:"
    print " - Scan a single URL"
    print " - Detect SQL injection vulnerabilities"
    print " - User agent for web requests"
    print " - User friendly (easy to use, everything is automated"
    print " - Error handling for http requests"
    print " - Display a short scan report"
    print " - Check if the provided URL is reachable"
    print ""
    print "Log feature:"
    print "I did not include any log feature for various"
    print "reasons. Simply add "> test.log" at the end"
    print "of the command if you use linux. Example:"
    print "sqli_scanner.py -u http://target... > test.log"
    print ""
    print "Disclaimer:"
    print "Only use this tool to check websites you are"
    print "allowed to test (e.g. for penetration testing)."
    print "Nerver use this tool on foreign websites!"
    print "Know and respect your local laws!"
    print "I am not responsible if you cause any damage or"
    print "run into trouble."
    print ""
    print "This tool was written for educational purposes only."
    print ""
    print ""
    return

# Define the banner which is printed when the tool was started with parameters
def print_banner():
    print ""
    print ""
    print "________________________________________________"
    print "Simple SQL Injection Vulnerability Scanner"
    print "by Valentin Hoebel (valentin@xenuser.org)"
    print ""
    print "Version 0.3 (3rd June 2010)  ^__^"
    print "                              (oo)\________"
    print "                              (__)\        )\/\ "
    print "                                  ||----w |"
    print "Power to teh cows!                ||    ||"
    print "________________________________________________"
    return

# Define the function which tests if a URL is reachable
def test_URL(provided_url):
    # Define User-Agent variable, change it if you like!
    user_agent = "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
   
    # Adding the User-Agent to the HTTP request (via GET)
    request_URL = urllib2.Request(provided_url)
    request_URL.add_header("User-Agent",  user_agent)
   
    # Now let's do the HTTP request
    print "[.] Checking if a connection can be established..."
    try:
        http_request_for_test = urllib2.urlopen(request_URL)
    except HTTPError,  e:
        print "[!] The connection could not be established."
        print "[!] Error code: ",  e.code
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit(1)
    except URLError,  e:
        print "[!] The connection could not be established."
        print "[!] Reason: ",  e.reason
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit(1)
    else:
        print "[.] Connected to target! URL seems to be valid."
    return

# Scan the provided URL for a SQL injection vulnerability
def scan_URL(provided_url):
    # Define some variables needed for detecting MySQL errors in the source code
    mysql_error_1 = "You have an error in your SQL syntax"
    mysql_error_2 = "supplied argument is not a valid MySQL result resource"
    mysql_error_3 = "check the manual that corresponds to your MySQL"
    param_equals = "="
    param_sign_1 = "?"
    param_sign_2 = "&"
    trigger_error_1 = "'"
    trigger_error_2 = "-1"
   
    # Define dict which will list all vulnerable parameters
    vulnerable_parameters = {}
   
    # Define User-Agent variable, change it if you like!
    user_agent = "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
   
    # Adding the User-Agent to the HTTP request (via GET)
    request_URL = urllib2.Request(provided_url)
    request_URL.add_header("User-Agent",  user_agent)
   
    # Starting the request
    try:
        http_request_for_call = urllib2.urlopen(request_URL)
    except HTTPError,  e:
        print "[!] The connection could not be established."
        print "[!] Error code: ",  e.code
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit(1)
    except URLError,  e:
        print "[!] The connection could not be established."
        print "[!] Reason: ",  e.reason
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit(1) 
   
    # Storing the response (source code of called website)
    html_call_URL_lite = http_request_for_call.read()
   
    # Paring the URL so we can work with it
    get_parsed_url = urlparse(provided_url)
    print ""
    print "[.] Moving on now."
    print "[.] Server/Domain is:",  get_parsed_url.netloc
    if len(get_parsed_url.path) == 0:
        print "[!] The URL doesn't contain a script (e.g. target/index.php)."
    else:
        print "[.] Detected the path to the script:",  get_parsed_url.path
    if len(get_parsed_url.query) == 0:
        print "[!] The URL doesn't contain a query string (e.g. index.php?var1=x&var2=y)."
    else:
        print "[.] Detected the URL query string:",  get_parsed_url.query
        print ""
   
    # Searching it for MySQL errors
    look_for_mysql_errors_1 = re.findall(mysql_error_1, html_call_URL_lite)
    if len(look_for_mysql_errors_1) != 0:
        print "[!] SQL error in the original URL/website found."
        print "[!] There might be problems exploiting this website (if it is vulnerable)."
   
    look_for_mysql_errors_2 = re.findall(mysql_error_2,  html_call_URL_lite)
    if len(look_for_mysql_errors_2) != 0:
        print "[!] SQL error in the original URL/website found."
        print "[!] There might be problems exploiting this website (if it is vulnerable)."
   
    look_for_mysql_errors_3 = re.findall(mysql_error_3,  html_call_URL_lite)
    if len(look_for_mysql_errors_3) != 0:
        print "[!] SQL error in the original URL/website found."
        print "[!] There might be problems exploiting this website (if it is vulnerable)."
   
    # Finding all URL parameters
    if param_sign_1 in provided_url and param_equals in provided_url:
        print "[.] It seems that the URL contains at least one parameter."
        print "[.] Trying to find also other parameters..."
       
        # It seems that there is at least one parameter in the URL. Trying to find out if there are also others...
        if param_sign_2 in get_parsed_url.query and param_equals in get_parsed_url.query:
            print "[.] Also found at least one other parameter in the URL."
        else:
            print "[.] No other parameters were found."
       
    else:
        print ""
        print "[!] It seems that there is no parameter in the URL."
        print "[!] How am I supposed to find a vulnerability?"
        print "[!] Please provide an URL with a script and query string."
        print "[!] Example: target/index.php?cat=1&article_id=2"
        print "[!] Hint: I can't handle SEO links, so try to find an URL with a query string."
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit(1)
   
    # Get the parameters
    # Thanks to atomized.org for the URL splitting and parameters parsing part!
    parameters = dict([part.split('=') for part in get_parsed_url[4].split('&')])

    # Count the parameters
    parameters_count = len(parameters)
   
    # Print the parameters and store them in single variables
    print "[.] The following", parameters_count, "parameter(s) was/were found:"
    print "[.]",  parameters
    print "[.] Starting to scan the provided URL(s) for SQL injection vulnerabilities."
    print ""

    # Have a look at each parameter and do some nasty stuff
    for index, item in enumerate(parameters):
        # Now modify the original URL for triggering MySQL errors. Time to start your prayers :)
        print "[.] Probing parameter "",  item, ""..."
 
        # We now have to solve the problem that we can not modify tuples in the way we need it here.
        # We therefore copy the content of the query string (of the provided URL) into a new string.
        # The string can be modified as we like it :) Afterwards we only have to put the original URL together again.
        query_string_for_replacement = "".join(get_parsed_url[4:5])
        modified_query_string = query_string_for_replacement.replace(parameters[item],  trigger_error_1)

        # Put the URL together again
        # (Yeah I know, I am a real Python noob.)#     
        trigger_URL_1_part_1 = "".join(get_parsed_url[0:1]) + "://"
        trigger_URL_1_part_2 = "".join(get_parsed_url[1:2])
        trigger_URL_1_part_3 = "".join(get_parsed_url[2:3])  + "?"
        trigger_URL_1_part_4 = "".join(modified_query_string) 
        trigger_URL_1 = trigger_URL_1_part_1 + trigger_URL_1_part_2 + trigger_URL_1_part_3 + trigger_URL_1_part_4

        # Calling the modified URL
        try:
            http_request_trigger_1 = urllib2.urlopen(trigger_URL_1)
        except HTTPError,  e:
            print "[!] The connection could not be established."
            print "[!] Error code: ",  e.code
        except URLError,  e:
            print "[!] The connection could not be established."
            print "[!] Reason: ",  e.reason
   
        # Storing the response (source code of called website)
        html_call_URL_trigger_1 = http_request_trigger_1.read()

        # Searching the response for MySQL errors
        look_for_mysql_errors_trigger_1 = re.findall(mysql_error_1, html_call_URL_trigger_1)
        look_for_mysql_errors_trigger_2 = re.findall(mysql_error_2, html_call_URL_trigger_1)
        look_for_mysql_errors_trigger_3 = re.findall(mysql_error_3, html_call_URL_trigger_1)
       
        # If the first method was not successfull we simply try the next one
        if len(look_for_mysql_errors_trigger_1) == 0 and len(look_for_mysql_errors_trigger_2) == 0 and len(look_for_mysql_errors_trigger_3) == 0:
            modified_query_string = query_string_for_replacement.replace(parameters[item],  trigger_error_2)
            trigger_URL_2_part_1 = "".join(get_parsed_url[0:1]) + "://"
            trigger_URL_2_part_2 = "".join(get_parsed_url[1:2])
            trigger_URL_2_part_3 = "".join(get_parsed_url[2:3])  + "?"
            trigger_URL_2_part_4 = "".join(modified_query_string) 
            trigger_URL_2 = trigger_URL_2_part_1 + trigger_URL_2_part_2 + trigger_URL_2_part_3 + trigger_URL_2_part_4
            try:
                http_request_trigger_2 = urllib2.urlopen(trigger_URL_2)
            except HTTPError,  e:
                print "[!] The connection could not be established."
                print "[!] Error code: ",  e.code
            except URLError,  e:
                print "[!] The connection could not be established."
                print "[!] Reason: ",  e.reason
           
            html_call_URL_trigger_2 = http_request_trigger_2.read()
            look_for_mysql_errors_trigger_1 = re.findall(mysql_error_1, html_call_URL_trigger_2)
            look_for_mysql_errors_trigger_2 = re.findall(mysql_error_2, html_call_URL_trigger_2)
            look_for_mysql_errors_trigger_3 = re.findall(mysql_error_3, html_call_URL_trigger_2)
           
            if len(look_for_mysql_errors_trigger_1) == 0 and len(look_for_mysql_errors_trigger_2) == 0 and len(look_for_mysql_errors_trigger_3) == 0:
                print "[.] The parameter "",  item,  "" doesn't seem to be vulnerable."
       
        else:
            print "[+] Found possible SQL injection vulnerability! Parameter:", item
            vulnerable_parameters[index+1] = item
       
    # Generate a short report
    if len(vulnerable_parameters) != 0:
        print ""
        print "[#] Displaying a short report for the provided URL:"
        print "[#] At least one parameter seems to be vulnerable. "
        print "[#]",  vulnerable_parameters
        print "[#] (Pattern: param number, param name)"
    else:
        print ""
        print "[#] Displaying a short report for the provided URL:"
        print "[#] No SQL injection vulnerabilities found."

    # And exit
    print ""
    print "[.] That's it. Bye!"
    print ""
    print ""
    sys.exit(1)
    return
    # End of scan_url function
   

# Checking if argument was provided
if len(sys.argv) <=1:
    print_usage()
    sys.exit(1)
   
for arg in sys.argv:
    # Checking if help was called
    if arg == "--help":
        print_help()
        sys.exit(1)
   
    # Checking if  URL was provided, if yes -> go!
    if arg == "-u":
        provided_url = sys.argv[2]
        print_banner()
       
        # At first we test if we can actually reach the provided URL
        test_URL(provided_url)
       
        # Now start the main scanning function
        scan_URL(provided_url)
   
### EOF ###


Just For Sharing!!
wackwall
Back to top Go down
View user profile http://malaysia.1talk.net
 
Phyton SQLi Scanner
View previous topic View next topic Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
Malaysian WackWall Forum :: Internet :: h4ck3d :: Tools-
Jump to: